On 1/31/14 10:35 AM, Tony Finch wrote:
> David Newman <dnew...@networktest.com> wrote:
>>
>> What action, if any, is needed?
> 
> Does rndc sign <zone> make it wake up? 

Alas, no. There are a bunch of successful IXFR messages to slave servers
but the dates in that NSEC3PARAM RRSIG did not change.

> Is there anything in the logs
> reporting problems, e.g. inability to read the key files?

For these five zones, the only warnings are that the signature has expired.

The log has errors for other zones saying the serial number is
unchanged. Here's an example:

30-Jan-2014 15:25:46.490 general: error: zone
networktest.com/IN/internal (signed): receive_secure_serial: unchanged

But I think this is unrelated to the zones with stale NSEC3PARAM RRSIGs.

dn



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to